Need to get the list of hosts not sending logs to Kibana


I need to get a list of hosts that have not sent logs for, say, two days. A query in Kibana would be awesome!

This isn't possible with most standard logs-oriented indices, because to run this query you need to have a host-oriented index that has a structure like this:

`{ host: 1, last_known_date: 2021-03-15 }`

There is a feature that you can use in Elasticsearch to solve this problem. Transforms let you pivot by host.
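
An added example, not part of the original answer: a continuous transform that builds the host-oriented index described above, followed by the search for hosts silent for more than two days, written for Kibana Dev Tools. The `logs-*` source pattern, the `host.name` and `@timestamp` field names, and the `hosts-last-seen` transform id and destination index are assumptions to adapt to your data.

```console
# Assumed names: logs-* (source), host.name and @timestamp (fields),
# hosts-last-seen (transform id and destination index).

# 1. Pivot the log indices into one document per host that holds the
#    newest timestamp seen for that host.
PUT _transform/hosts-last-seen
{
  "source": { "index": "logs-*" },
  "dest":   { "index": "hosts-last-seen" },
  "pivot": {
    "group_by": {
      "host": { "terms": { "field": "host.name" } }
    },
    "aggregations": {
      "last_known_date": { "max": { "field": "@timestamp" } }
    }
  },
  "frequency": "5m",
  "sync": { "time": { "field": "@timestamp", "delay": "60s" } }
}

# 2. Start it. With "sync" set it keeps running and updates each
#    host document as new logs arrive.
POST _transform/hosts-last-seen/_start

# 3. Hosts whose newest log is older than two days, oldest first.
GET hosts-last-seen/_search
{
  "size": 1000,
  "_source": ["host", "last_known_date"],
  "query": {
    "range": { "last_known_date": { "lt": "now-2d" } }
  },
  "sort": [ { "last_known_date": "asc" } ]
}
```

A host that has never sent a log has no document in the destination index, so this search cannot report it; compare the result against an asset inventory to cover that case.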

